How do you know a storm is coming? Look at the clouds. A Cyber Signals report published by Microsoft’s Threat Intelligence team in May detailed how a Moroccan threat actor known as Atlas Lion, or Storm-0539, conducts financial crimes, such as gift card fraud, by abusing cloud services.

Backstory. Storm Atlas typically starts by obtaining free trials and student accounts on cloud service platforms. Another way in is to impersonate nonprofits or charities and ask for “sponsored” or “discounted” services. They then “create virtual machines and launch their operations,” mostly targeting US-based retailers with phishing and smishing campaigns. They’ll exfiltrate data and conduct gift card theft, gather info for future attacks, and continue the process all over again.

IT Brew caught up with Emiel Haeghebaert, a senior hunt analyst on the Microsoft Threat Intelligence team, to discuss the nature of the group and its schemes.

Can you dive a bit more into the aspect of setting up student accounts or free trials on cloud service platforms and what that entails?

“Absolutely. I think all the major cloud providers have trial services or student accounts where you…have to provide your information—maybe a credit card on file, provide an email address, and then you can get, for example, 30 days of access up to $50 of value,” he told IT Brew. “And that $50 is calculated by…what you’re using. So, if you use a virtual machine, and you’re doing all kinds of crazy things on it, that $50 will be gone very quickly.”

The cyber group—which Microsoft first started tracking in 2021—has stolen “up to $100,000 a day at certain companies,” the report also stated.

Read more here.—AF

Do you work in IT or have information about your IT department you want to share? Email [email protected].

In today’s digital-first world, solid cybersecurity isn’t optional…but it can be complicated. You need a holistic cybersecurity program with standards and guidelines that’ll help mitigate risk.

And that’s where Veeam comes in. Check out Building a Cyber-Resilient Data Recovery Strategy, the new whitepaper that digs into the NIST Cybersecurity Framework 2.0 and how orgs can use it to transform their security strategy.

Grab the full guide to learn how to:

• Empower IT to actively participate in your org’s cybersecurity plan.
• Harness Veeam’s capabilities in your strategy.

You’ll find insights about the framework and learn how Veeam can help you create a cyber-resilient recovery strategy. And once you’ve studied up, try Veeam’s Data Platform free for 30 days.

ChatGPT developer OpenAI has announced the formation of a “Safety and Security Committee” to address AI’s long-term risks, after two scientists previously responsible for that effort resigned.

The move is unlikely to mollify critics, though: TechCrunch reported that the new committee is a who’s who of company insiders.

In May, co-founder and Chief Scientist Ilya Sutskever left OpenAI, shortly followed by Safety Researcher Jan Leike—both of whom helped lead a “superalignment” team responsible for creating ethical and practical safeguards in AI products. OpenAI reportedly disbanded that team, and Leike tweeted shortly after leaving the firm that its “safety culture and processes have taken a backseat to shiny products.” Other employees in policy or governance roles have left in recent months, according to Wired, and Quartz separately tallied a number of other departures among safety staff.

Read more here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

On weekends, you might catch Bill Briggs breaking open his prized The Twilight Zone pinball machine—using a multimeter on its board components to find a burnt bridge rectifier causing the game to reset unexpectedly.

His Monday-to-Friday work rarely requires the soldering tools and solenoids that support pinball-machine investigation surgery. As chief technology officer at Deloitte, he helps Fortune 50 companies and big government agencies through digital transformations—like a factory getting “smarter” with sensors and 5G.

Briggs provides the realistic vision for companies considering quantum computing, industrial metaverse, and advanced physical robotics—technologies that have barely arrived long enough to be broken and troubleshooted. But he doesn’t really have to take apart machinery these days—professionally, at least.

Briggs loves pinball not just for the obvious, fun, flipper-y reasons. A broken pinball machine has satisfying fixes.

“It’s a very well-defined problem with a very clear solution set, which we don’t often get as CTOs and CIOs…the idea that within an hour or two, it can be fixed,” Briggs told IT Brew.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Attention, business owners. The limited edition Boeing 747 Delta SkyMiles® Reserve Business Card design has arrived. It’s made with metal from a retired Boeing 747.* Elevate your business by earning 3x miles on Delta purchases. Apply today.

*The limited edition Boeing 747 design is made with 33% metal from a Delta Boeing 747 aircraft. Image for illustration only. Does not represent Boeing 747-400 aircraft used for card.